KR102350462B1 - Signature generation method, electronic device and storage medium - Google Patents

Abstract

The present application provides a method for generating a signature, an electronic device and a storage medium, and belongs to the field of information technology. In the present application, the aggregate signature is generated by using sub-signatures of a plurality of signing parties, the aggregate public key is generated based on the public keys of the plurality of signing parties, and the length of the obtained aggregate signature is obtained by scanning the plurality of sub-signatures. shorter than the length of the multi-signature obtained by splicing, the length of the aggregate public key is shorter than the length of the multi-public key obtained by splicing the plurality of public keys, and therefore during network transmission of the aggregate signature and aggregate public key , the burden of network transmission is reduced, the storage space is reduced during storage, and during signature checking, the message to be signed is checked using the aggregate public key and the aggregate signature directly, so that the complexity of signature checking is greatly reduced.

Description

Signature generation method, electronic device and storage medium

This application is entitled "Signature generating method and apparatus, terminal and server" and claims priority to the Chinese Patent Application No. filed on November 10, 2017, the contents of which are incorporated herein by reference is included

The present application relates to the field of information technology, and in particular to a method for generating a signature, an electronic device and a storage medium.

With the continuous development of information technology, a new technology, blockchain, has been developed rapidly. A blockchain is a string of related blocks created using cryptographic methods. In the block chain, the block data of each block is related to the block data of the previous block. Therefore, fraudulent actions cannot be performed by manipulating block data. It can guarantee that the block data of all blocks is open and transparent. A blockchain consists of many nodes to jointly form an end-to-end network. Data exchange between nodes is verified using digital signature technology. Digital signature technology is a technology for authenticating digital information through digital encryption. In some cases, for example, when a transaction requires agreement between multiple parties, the multiple parties will sign the message, which is referred to as a multi-signature manner.

개의 서명 파티가 있다고 가정하면, 다중-서명이 수행될 때,

개의 다른 서명이 일렬로 연결되어 블록 체인에 저장하기 위한 긴 서명으로 스플라이싱된다. 서명 검사 동안, 그 긴 서명을 검증하기 위해서는

개의 서명 파티의 공개 키가 동시에 필요하다. N은 1보다 큰 정수이다.In the related art, the implementation plan of the multi-signature method is as follows:

Assuming that there are two signing parties, when multi-signature is performed,

Two different signatures are chained together and spliced into a long signature for storage on the blockchain. During signature check, to verify that long signature

The public keys of the two signing parties are required at the same time. N is an integer greater than 1.

An embodiment of the present disclosure provides a signature generation method, an electronic device, and a storage medium, thereby reducing the complexity of signature checking. The technical solution is:

According to one aspect, a method for generating a signature is provided, the method comprising:

generating a message digest according to the message to be signed and an eigenvalue of a plurality of signing parties, wherein an eigenvalue of each signing party is obtained through calculation according to the random number of the signing party;

obtaining a public key and sub-signature of the plurality of signing parties, wherein the sub-signature of each signing party is obtained through calculation according to the random number of the signing party, the message digest and the private key of the plurality of signing parties; ;

generating an aggregate public key according to the public keys of the plurality of signing parties, wherein a length of the aggregate public key is shorter than a length of the plurality of public keys after splicing; and

generating an aggregate signature according to the sum of the plurality of sub-signatures and the message digest;

includes

According to one aspect, a method for generating a signature is provided, the method comprising:

obtaining a random number and generating an eigenvalue according to the random number;

obtaining a message to be signed, a private key and a public key;

generating a message digest, wherein the message digest is obtained through calculation by the signature aggregation party according to the message to be signed and the algorithm; and

generating a sub-signature according to the message digest, the random number and the private key;

includes

According to one aspect, an apparatus for generating a signature is provided, the apparatus comprising:

a first generating module, configured to generate a message digest according to the message to be signed and an eigenvalue of a plurality of signing parties, wherein the eigenvalue of each signing party is obtained through calculation according to a random number of the signing party;

an obtaining module, configured to obtain the public key and sub-signature of the plurality of signing parties, wherein the sub-signature of each signing party is calculated according to the random number of the signing party, the message digest and the private key of the plurality of signing parties Acquired through - ;

a second generating module, configured to generate an aggregate public key according to the public keys of the plurality of signing parties, wherein a length of the aggregate public key is shorter than a length of the plurality of public keys after splicing; and

a third generating module, configured to generate an aggregate signature according to the sum of the plurality of sub-signatures and the message digest;

includes

According to one aspect, an apparatus for generating a signature is provided, the apparatus comprising:

a first generating module, configured to obtain a random number and generate an eigenvalue according to the random number;

a first obtaining module, configured to obtain the message to be signed, the private key and the public key;

a second obtaining module, configured to generate a message digest, wherein the message digest is obtained through calculation by the signature aggregation party according to the message to be signed and the algorithm; and

a second generating module, configured to generate a sub-signature according to the message digest, the random number and the private key

includes

According to one aspect, there is provided a terminal, the terminal comprising a processor and a memory, the memory storing at least one instruction, the at least one instruction being loaded by the processor to execute the above-described method for generating a signature, is carried out

According to one aspect, there is provided a server, the server comprising a processor and a memory, the memory storing at least one instruction, the at least one instruction being loaded by the processor to execute the above-described method for generating a signature, is carried out

According to one aspect, a computer readable medium is provided, the computer readable medium comprising a processor and a memory, the memory storing at least one instruction, the at least one instruction being the method for generating a signature as described above. is loaded and executed by the processor to execute

Advantageous effects produced by the technical solution of the embodiment of the present disclosure are as follows: an aggregate signature is generated by using sub-signatures of a plurality of signing parties, and an aggregate public key is generated based on the public keys of the plurality of signing parties; The length of the obtained aggregate signature is shorter than the length of the multi-signature obtained by splicing the plurality of sub-signatures, and the length of the aggregate public key is shorter than the length of the multi-public key obtained by splicing the plurality of public keys. and; Therefore, during network transmission of the aggregate signature and aggregate public key, the network transmission burden is relieved, the storage space is reduced during storage, and during signature checking, the message to be signed is directly checked using the aggregate public key and aggregate signature, so that the signature check greatly reduce the complexity of

In order to more clearly explain the technical solution of the embodiment of the present invention, the following briefly describes the accompanying drawings necessary to explain the embodiment of the present invention. Naturally, the accompanying drawings of the following embodiments are only some embodiments of the present invention, and those skilled in the art will be able to derive other drawings from the accompanying drawings without creative efforts.
1 is a diagram of an execution environment according to an embodiment of the present disclosure;
2 is a flowchart of signature generation according to an embodiment of the present disclosure;
3 is a schematic diagram of a transfer scenario between a plurality of account addresses according to an embodiment of the present disclosure;
4 is a flowchart for generating a signature according to an embodiment of the present disclosure.
5 is a schematic diagram of a process for reaching an agreement according to an embodiment of the present disclosure;
6 is a schematic diagram of signature generation in a parallel manner according to an embodiment of the present disclosure.
7 is a flowchart of signature generation according to an embodiment of the present disclosure.
8 is a schematic diagram for initiating a contract by a plurality of contracting parties according to an embodiment of the present disclosure;
9 is a schematic structural diagram of an apparatus for generating a signature according to an embodiment of the present disclosure.
10 is a schematic structural diagram of an apparatus for generating a signature according to an embodiment of the present disclosure.
11 is a schematic block diagram of a terminal 1100 according to an embodiment of the present disclosure.
12 is a schematic structural block diagram of a server according to an embodiment of the present disclosure.

In order to make the object, technical solution and advantage of the present disclosure more clear, the following describes the implementation of the present disclosure in more detail with reference to the accompanying drawings.

Referring to the data sharing system shown in FIG. 1 , the data sharing system 100 is a system for sharing data between nodes. The data sharing system may include a plurality of nodes 101 , 102 , 103 , the plurality of nodes 101 may be client devices of the data sharing system, and the data sharing system includes one or more for storing information and data. A blockchain can be constructed. Each node 101 may receive input information during normal operation, and maintain shared data in the data sharing system based on the received input information.

In order to ensure information interworking in the data sharing system, an information connection can be established between the nodes of the data sharing system, so that information can be transmitted between the nodes through the information connection. Communication between nodes can be performed and trust is achieved. It must rely on digital signature technology, and mainly performs identity verification, information authentication and integrity authentication. For example, when any node in the data sharing system receives input information, after this node's check succeeds, the information will be broadcast to other nodes. In the process of reaching consensus among nodes, nodes must verify the signature, and consensus can be reached if a certain number of nodes verification is successful. After consensus is reached, the input information is used as shared data for storage, so the data stored on all nodes in the data sharing system is consistent. The data sharing system may be a trading system, and the trading system is a system for financial transactions. A trading system may include a plurality of nodes. Each node creates ledger data during transactions and maintains a shared ledger in the transaction system based on that ledger data.

While applying blockchain technology, multi-signature technology is required for more than one user to sign a transaction and send it to the blockchain. That is, the signature aggregation party generates an aggregate signature and aggregate public key according to the signatures and public keys of a plurality of users, and during signature checking, the signed message only needs to be checked according to the aggregate signature and aggregate public key. In a practical application scenario, in the signature generation process, after receiving a trigger command to generate a signature, a plurality of signature parties select a random number and generate an eigenvalue according to the random number. The signature aggregation party generates a message digest according to the message to be signed and the values of the plurality of signature parties. A plurality of signing parties obtain a message digest (message digest is obtained through calculation by the signature aggregation party according to the message to be signed and an algorithm), and then generate a sub-signature according to the message digest, random number, and private key do. The signature aggregation party obtains public keys and sub-signatures of the plurality of signature parties. Then, the signing aggregation party generates the aggregation public key according to the public keys of the plurality of signing parties. The signature aggregation party generates an aggregate signature according to a plurality of sub-signatures (eg, the sum of the sub-signatures) and the message digest.

The client devices and nodes of the data sharing system may further have at least one database for storing random numbers, sub-signatures, message digests, aggregate signature aggregate public keys, and the like.

This solution is detailed below using three implementation scenarios.

2 is a flowchart of signature generation according to an embodiment of the present disclosure; For example, the method is applied to a client device in a data sharing system, and a plurality of signing parties are a plurality of account addresses provided by the client device. In this case, the plurality of signature parties and signature aggregation parties are on the same client device in the same data sharing system. That is, the plurality of signing parties and the signature aggregation party have the same execution body, and the message to be signed is a transfer amount corresponding to each account address and some other transaction information. Operations 200-208 are detailed below.

200: The client device obtains a signature generation instruction, wherein the signature generation instruction is used to instruct delivery from the plurality of account addresses to the at least one account address and to indicate a delivery quantity of the plurality of account addresses.

3 , assuming that the user has a plurality of account addresses, when the user needs to transfer assets in the plurality of account addresses to one or more target account addresses, the plurality of accounts is a plurality of signing parties . When the user operates the client device to perform a transaction, the client device receives the transfer request. The transfer request carries the message to be signed in this transaction. Then, a signature generation command is triggered, so that the client device starts to generate a signature. The message to be signed may be the current transfer request, or the account address used as the transfer-out account in the current transfer request, the transfer amount of each account address and the transfer-in account used as the transfer-in account. It may be an account address that is

201: The client device obtains a plurality of random numbers of a plurality of account addresses used as a transfer account, and individually generates a unique value of the plurality of account addresses according to the plurality of random numbers.

After receiving the signature generation command, in order to distinguish the plurality of account addresses in the client device, the client device selects respective random numbers for the plurality of account addresses, or takes pre-stored respective random numbers of the plurality of account addresses, Each of the eigenvalues of a plurality of account addresses is generated according to a plurality of random numbers.

Specifically, taking an account address as an example, the execution body of the account address is a client device, and operation 200 may include the following operations 1 to 4 .

및 제2 값

를 획득하고, 제1 값

및 제2 값

는 소수이고,

는

의 인수이고,

및

이다.Operation 1: The client device has a first value for the account address

and a second value

to obtain the first value

and a second value

is a prime number,

Is

is the argument of

and

to be.

의 범위 내의 소수를 선택하고 그 소수를 제1 값

으로 결정하고,

의 범위 내의 소수를 선택하고 그 소수를 제2 값

로 결정하므로, 제1 값

및 제2 값

는

가

의 인수임을 만족한다. 전술한 방식 외에, 클라이언트 장치는 관련 데이터베이스에 미리 저장되어 있는 제1 값

및 제2 값

을 또한 고려할 수 있다. 미리 저장되어 있는 제1 값

및 제2 값

는 모두 소수이며,

가

의 인수이고,

및

임을 만족한다.the client device

Select a prime number within the range of and set the prime number to the first value

to decide,

Select a prime number within the range of

Since it is determined as, the first value

and a second value

Is

go

It is satisfied that the argument of In addition to the above-described manner, the client device uses a first value stored in advance in a related database.

and a second value

can also be considered. Pre-stored first value

and a second value

are all prime numbers,

go

is the argument of

and

satisfied that

를 획득하며,

는

이

로 정확하게 나누어질 수 있음을 만족한다.Operation 2: generation base

to obtain,

Is

this

It is satisfied that it can be accurately divided into .

이

로 정확하게 나누어질 수 있음을 만족한다. 대안으로, 클라이언트 장치는 관련 데이터베이스에 미리 저장되어 있는 생성 기준 g를 가져오고 그 생성 기준 g는

이

로 정확하게 나누어질 수 있음을 만족한다.Since the client device randomly selects a value and determines that value as the generation criterion g, the generation criterion g is

this

It is satisfied that it can be accurately divided into . Alternatively, the client device fetches the generation criterion g pre-stored in the relevant database and the generation criterion g is

this

It is satisfied that it can be accurately divided into .

이다.Operation 3: Obtain a random number, the range of values of the random number is

to be.

의 범위 내의 값을 무작위로 선택하고, 그 값을 난수로 결정한다. 대안으로, 클라이언트 장치는 관련 데이터베이스에 미리 저장되어 있는 난수를 가져오고 그 난수는

의 범위 내에 있음을 만족한다.the client device

A value within the range of is randomly selected, and the value is determined as a random number. Alternatively, the client device fetches a random number pre-stored in the relevant database and the random number is

is satisfied that it is within the range of

Operation 4: Generate an eigenvalue according to the random number, the generation criterion and the first value.

After obtaining the eigenvalue according to the random number, the generation criterion and the first value, the client device may calculate the eigenvalue of the account address according to the following equation (1):

은 고윳값을 나타내고,

은 난수를 나타내고,

는 생성 기준을 나타내며,

는 제1 값을 나타낸다.

represents the eigenvalue,

represents a random number,

represents the creation criteria,

represents the first value.

The client device may generate a respective epoch value for a plurality of account addresses used as a withdrawal and transfer account according to operations 1 to 4 . Details are not described again here. The creation process may be parallel. That is, the client device simultaneously obtains respective random numbers for the plurality of account addresses, and generates respective eigenvalues for the plurality of account addresses according to the plurality of random numbers. The creation process may be serial. That is, the client device obtains a random number for the account address and generates an eigenvalue for the account address according to the random number. Then, the client device generates an eigenvalue for the next account address according to a random number until an eigenvalue is generated for all account addresses, and then the operation ends. It is not limited here.

202: The client device acquires a message to be signed and a plurality of account addresses, and generates a message digest, wherein the message to be signed is an account address used as a transfer-out account, each account address of the transfer amount and the account address used as the transfer-in account.

After generating each eigenvalue for the account address according to the above-described process, the client device obtains a plurality of eigenvalues, and generates an aggregate eigenvalue according to the plurality of eigenvalues. Then, the client device determines the obtained aggregate value, the account address used as the withdrawal and transfer account, the transfer amount of each account address, the account address used as the deposit and transfer account, and a preset one-way hash function Generates a message summary according to

Specifically, operation 202 may include operations 1 to 3 below.

Operation 1: The client device obtains respective values and messages to be signed for a plurality of account addresses.

The client device may directly use the sending request as the message to be signed, or extract the account address used as the withdrawal transfer account, the transfer amount of each account address, and the account address used as the deposit transfer account in the transfer request as the message to be signed. have. In this embodiment, an explanation is provided using an example in which the message to be signed is an extracted account address used as a withdrawal transfer account, a transfer amount of each account address, and an account address used as a withdrawal transfer account.

In this operation, the client device may store in advance the first value and the original value of the account address generated in operation 201 . Before generating the message digest, the client device may obtain a pre-stored value and a first value of the account address.

Operation 2: The client device generates an aggregate eigenvalue according to each eigenvalue and the first value of the plurality of account addresses.

In a specific calculation manner, the client device calculates a product of a plurality of eigenvalues, and generates an aggregate eigenvalue according to the product of the plurality of eigenvalues and the first value. Also, in the above-described calculation process, a process in which the client device generates an aggregate eigenvalue according to a product of a plurality of eigenvalues and the first value may be performed through a modulo operation. The calculation formula may be the following formula (2).

은 집계 고윳값을 나타내고,

은 계정 주소의 총수를 나타내고,

는 i번째 계정 주소의 고윳값을 나타내며, mod는 모듈로 연산을 나타내며,

는 제1 값을 나타낸다.

represents the aggregate eigenvalue,

represents the total number of account addresses,

represents the eigenvalue of the i-th account address, mod represents the modulo operation,

represents the first value.

Operation 3: Generate a message digest according to the aggregate eigenvalue, the message to be signed, and a preset one-way hash function.

The hash value of the message is obtained according to the above-described generated aggregate eigenvalue, the message to be signed, and a preset one-way hash function. The hash value is a message digest. The preset one-way hash function may be a SHA256 secure hash function.

Also, the message digest can be calculated according to the following equation (3):

는 메시지 요약을 나타내고,

는 해시 값 계산 연산을 나타내고,

은 서명될 메시지를 나타내며,

은 집계 고윳값을 나타낸다.

represents the message summary,

represents the hash value calculation operation,

indicates the message to be signed,

represents the aggregate eigenvalue.

203: The client device acquires a private key and a public key of a plurality of account addresses used as a withdrawal and transfer account, and generates a sub-signature according to the message digest, the random number and the private key.

의 범위 내에 있으며,

는 위에서 획득된 제2 값이며, 공개 키는 개인 키, 생성 기준 및 제1 값에 따라 생성된다. 구체적인 계산식은 다음 식(4)일 수 있다:After obtaining the message digest, the client device may obtain the private key and public key of the account address ready to transmit. The private key and public key may be obtained in a plurality of implementations: (1) the database may store the private key and public key of each account address, and when the client device needs the private key and public key , the client device can directly obtain the private key and public key of each account address from the database; (2) The client device temporarily generates a private key and a public key for each account address, and the private key is

is within the scope of

is the second value obtained above, and the public key is generated according to the private key, the generation criterion, and the first value. A specific formula may be the following formula (4):

는 공개 키를 나타내고,

는 공개 키를 나타내고,

는 생성 기준을 나타내며,

는 제1 값을 나타낸다.

represents the public key,

represents the public key,

represents the creation criteria,

represents the first value.

Then, the client device obtains the message digest, the random number and the second value generated in the above-described process, and generates a sub-signature of each account address according to the private key, the message digest, the random number and the second value of each account address. Calculate. The calculation expression may be the following equation (5):

는 i번째 계정 주소의 하위 서명을 나타내고,

는 i번째 계정 주소의 난수를 나타내고,

는 메시지 요약을 나타내고,

는 i번째 계정 주소의 개인 키를 나타내고,

는 제2 값을 나타내며, mod는 모듈로 연산을 나타낸다.

represents the sub-signature of the i-th account address,

represents the random number of the i-th account address,

represents the message summary,

represents the private key of the i-th account address,

denotes a second value, and mod denotes a modulo operation.

204: The client device acquires a public key of a plurality of account addresses, and generates an aggregate public key according to the public keys of the plurality of account addresses.

After the client device obtains each public key for the account address according to the processing process described above, the client device generates an aggregate public key according to the product of the public key and the first value. Further, in the above calculation process, the client device obtains each first value for the account address, calculates a product of a plurality of public keys, and performs a modulo operation according to the product of the plurality of public keys and the first value and generate an aggregate public key. The calculation can be performed according to the following equation (6):

는 집계 공개 키를 나타내고,

는 구적 연산을 나타내고,

은 계정 주소의 총수를 나타내고,

는 i번째 계정 주소의 공개 키를 나타내며, mod는 모듈로 연산을 나타내며,

는 제1 값을 나타낸다.

represents the aggregate public key,

represents a quadrature operation,

represents the total number of account addresses,

denotes the public key of the i-th account address, mod denotes the modulo operation,

represents the first value.

205: The client device generates the aggregate signature according to the sum of the plurality of sub-signatures and the message digest.

Through the operation 203 described above, the client device obtains each sub-signature for the account address, adds the sub-signature to obtain a sum value of the plurality of sub-signatures, determines the sum value as the aggregate sub-signature, and such Generates an aggregate signature based on the following aggregate sub-signature and message digest.

Further, in the above calculation process, the sub-signature of the account address is added to obtain the sum value of the plurality of sub-signatures, a modulo operation is performed on the sum value and the second value, and the obtained result is an aggregate sub-signature. is determined, and the calculation can be performed according to the following equation (7):

는 집계 하위 서명을 나타내고,

는 합산 연산을 나타내고,

은 계정 주소의 총수를 나타내고,

는 i번째 계정 주소의 하위 서명을 나타내며, mod는 모듈로 연산을 나타내며,

는 제2 값을 나타낸다.

represents the aggregate subsignature,

represents the summation operation,

represents the total number of account addresses,

denotes the subsignature of the i-th account address, mod denotes the modulo operation,

represents the second value.

After determining the aggregate sub-signature through the above process, the aggregate sub-signature and the message digest are spliced, and the result obtained through splicing is determined as the aggregate signature. When determining the aggregate sub-signature through the above process, since the aggregate sub-signature is generated according to the sum of the sub-signatures, the length of the obtained aggregate sub-signature is much shorter than the length of the plurality of sub-signatures after splicing. Therefore, the length of the aggregate signature obtained according to the aggregate sub-signature is shorter than the length of the signature obtained through splicing, the storage space can be reduced during storage, and the network transmission burden is reduced during network transmission of the aggregate signature.

In the above-described operation, an eigenvalue, a message digest, a subsignature, an aggregate signature, an aggregate public key, etc. may be obtained through calculation, and the client device determines the obtained eigenvalue, a message digest, a subsignature, an aggregate signature, an aggregate public key, and the like. etc. can be saved. During storage, the client device may store all generated results in a related database, or combine the results with respective account addresses for storage, without limitation herein.

The aforementioned process of generating the aggregate signature and aggregate public key may be parallel. That is, the client device simultaneously obtains each sub-signature of all account addresses, generates an aggregate sub-signature according to the plurality of sub-signatures, and then generates an aggregate signature according to the aggregate sub-signature and the message digest. Similarly, the client device simultaneously obtains respective public keys of all account addresses, and generates an aggregate public key according to the plurality of public keys. Optionally, the process described above for generating the aggregate signature and aggregate public key may also be serial. That is, the client device obtains a sub-signature of the first account address and a sub-signature of the second account address, and generates a partially aggregated sub-signature according to the two sub-signatures. Then, the client device obtains the sub-signature of the third account address, and generates a new partially aggregated sub-signature according to the aforementioned partial aggregate sub-signature and sub-signature. Then, the client device obtains a sub-signature of the fourth account address, and until the sub-signatures of all account addresses participate in generating the aggregate sub-signature, a new partial aggregate sub-signature according to the aforementioned partial aggregate sub-signature and sub-signature, etc. , and then a unified signature is generated according to the generated unified sub-signature and message digest. It is not limited here.

206: The client device sends the message, the aggregate public key and the aggregate signature to any node in the data sharing system.

In this operation, the aggregate signature may be added to the message for transmission to the data sharing system, or the message and aggregate signature may be transmitted together to the data sharing system. It is not limited here.

After the aggregate public key and aggregate signature are generated in the above process, the client device sends the message, aggregate public key and aggregate signature to the data sharing system, and the data sharing system performs signature check on the message.

207: Any node in the data sharing system performs signature check on the message according to the aggregate public key and the aggregate signature.

Specifically, the client device sends the message, the generation criterion and the first value of each account address, and the aggregate public key and the aggregate signature to the data sharing system, and the data sharing system sends the information to the node of the system. The node receiving the information performs a signature check on the message according to the message, the creation criteria and the first value of each account address, and the aggregate public key and aggregate signature. During the signature check, it is determined whether the following equation (8) holds; If so, the signature check succeeds, otherwise the signature check fails.

는 메시지 요약을 나타내고,

는 해시 값 계산 연산을 나타내고,

은 메시지를 나타내며,

는 생성 기준을 나타내고,

는 집계 하위 서명을 나타내고,

는 집계 공개 키를 나타내며, mod는 모듈로 연산을 나타내며,

는 제1 값을 나타낸다.

represents the message summary,

represents the hash value calculation operation,

indicates a message,

represents the creation criterion,

represents the aggregate subsignature,

denotes aggregate public key, mod denotes modulo operation,

represents the first value.

The accuracy of the signature checking method described above may be verified using a mathematical method, and a specific proof method may be as follows:

은

와 같고, 유클리드 알고리즘에 따라 다음이 획득될 수 있다:According to the above calculation method, equation (8)

silver

, and according to the Euclidean algorithm, the following can be obtained:

이 유도될 수 있다.

은

와 같기 때문에,

가 성립한다. 그러므로 전술한 서명 검사 방법은 정확하다.therefore

This can be induced.

silver

Because it is equal to

is established Therefore, the signature checking method described above is accurate.

208. The data sharing system appends the signature check result, the aggregate public key and the aggregate signature to the message.

The data sharing system adds the signature check result, the aggregate public key and the aggregate signature to the message, and adds the obtained message to the blockchain after the addition.

In the present application, the aggregate signature is generated using sub-signatures of the plurality of signing parties, and the aggregate public key is generated based on the public keys of the plurality of signing parties; The length of the obtained aggregate signature is shorter than the length of the multi-signature obtained by splicing the plurality of sub-signatures, the length of the aggregate public key is shorter than the length of the multi-public key obtained by splicing the plurality of public keys, and ; Therefore, during network transmission of the aggregate signature and aggregate public key, the burden of network transmission is relieved, the storage space is reduced during storage, and during signature checking, the signed message is directly checked using the aggregate public key and aggregate, so that the signature check greatly reduce the complexity of In addition, since a specific application of the above-described signature generation method is provided in the transmission scenario, the feasibility of signature generation is improved, and the efficiency of signature generation and signature checking in the transfer scenario is also improved.

4 is a flowchart of a signature generation method according to an embodiment of the present invention. For example, this method applies to the leader node of a data sharing system. In this case, the signature aggregation party is the leader node of the data sharing system. Each of the plurality of signing parties is a follower node in the data sharing system. Any follower node may determine, according to heartbeat information broadcast by the leader node in the data sharing system, that the leader node is running normally and can copy the log based on the leader node's instruction. If the follower node does not receive the heartbeat information of the leader node for a certain period of time, the follower node may determine that there is a defect in the execution of the leader node, and the follower node sends a voting request to each node of the data sharing node. broadcast Upon receiving votes for more than half of the node devices in the cluster, the follower node enters the leader state for execution, broadcasts heartbeat information to each node device in the cluster, and stores a log based on interactions with client devices, each node command to copy the log to . These operations are described in detail below.

400: The leader node transmits to each follower node a consensus acknowledgment packet carrying input information of the client device.

When consensus among nodes is reached using bft-raft (consensus algorithm) in a trusted block chain, as shown in FIG. 5, the leader node sends a consensus confirmation packet to each follower node. The consensus acknowledgment packet is a data packet that must be stored after reaching an agreement on the packet between nodes, and the consensus acknowledgment packet t carries the message to be signed. In this embodiment, an explanation is provided using an example in which the message to be signed may be input information of the client device, such as a transmit message.

401: Each follower node receives a consensus confirmation packet.

After the leader node sends a consensus acknowledgment packet, each follower node receives a consensus acknowledgment packet. The consensus confirmation packet carries the input information of the client device, and triggers each follower node to sign the input information of the client device.

402: Each follower node obtains input information of the client device from the consensus acknowledgment packet.

After receiving the consensus acknowledgment packet sent by the leader node, each follower node parses the consensus acknowledgment packet and obtains the input information of the client device.

403: Each follower node obtains a respective public key and a private key.

After each follower node obtains the input information of the client device in the above-described process, each follower node obtains a respective public key and a private key, the method of obtaining it may be processed with reference to operation 203, where will not be explained again here.

404: The leader node acquires the public key of each follower node.

After the above operation is completed, the leader node acquires the public key of each follower node. The leader node may obtain the public key of each follower node in the following plurality of implementations: (1) The public key of each follower node may be stored in a database of the leader node, and if necessary, the leader node You can directly obtain the public key of each account address. (2) Each follower node may store each public key and private key in each database, and after obtaining each public key, each follower node transmits the public key to the leader node. In this case, after the follower node transmits the public key for the first time, the leader node may store the public key of the follower node, and then implement the above-described implementation ( Reference to 1) may be made. (3) Each follower node temporarily generates a private key and a public key, and may refer to the above-described operation 203 for a generation calculation method, details are not described herein again. Then, each follower node transmits the generated public key to the leader node. In this case, after the follower node transmits the public key for the first time, the leader node may store the public key of the follower node, and then implement the above-described implementation ( Reference to 1) may be made. Details are not described again here.

405: Each follower node obtains a respective random number, and generates a respective eigenvalue according to each random number.

A method for each follower node to obtain a random number may be processed according to operation 3 in operation 201 , and a method for each follower node to generate an eigenvalue according to a random number may be processed according to operation 4 in operation 201 . This will not be explained again here. After generating each eigenvalue, each follower node sends each eigenvalue to the leader node.

406: Each follower node transmits each generated eigenvalue to the leader node.

407: After receiving each eigenvalue sent by each follower node, the leader node generates a message digest according to the input information of the client device and the eigenvalue of each follower node.

The calculation process for generating the message digest may be processed according to operation 202, which is not described herein again. After generating the message digest, the leader node sends the message digest to each follower node.

408: The leader node sends a message digest to each follower node in the data sharing system.

409: Each follower node generates a sub-signature according to the message digest, random number and private key.

The calculation process in which each follower node generates a sub-signature may be processed according to operation 203, which is not described herein again. After each follower node generates each sub-signature in the above operation, each follower node sends each sub-signature to the leader node.

410: The leader node receives the public key sent by each follower node, and generates an aggregate public key according to the public key of each follower node.

The calculation process by which the leader node generates the aggregate public key may be processed according to operation 204, which is not described herein again.

411: The leader node generates an aggregate signature according to the sum of the sub-signatures and the message digest.

The calculation process by which the leader node generates the aggregate signature may be processed according to operation 205, which is not described herein again.

412: The leader node sends the aggregate public key and the aggregate signature to each follower node.

The leader node adds the generated aggregate public key and aggregate signature to the consensus confirmation packet, and then sends the consensus confirmation packet to each follower node. Each follower node parses the consensus confirmation packet, and extracts the aggregate public key, aggregate signature, and input information of the client device. Each follower node then performs signature checking on the message according to the aggregate public key and aggregate signature. Signature checking may be processed with reference to operation 207, which is not described herein again.

413: After signature check of the message node is performed by all the follower nodes, the leader node reaches a consensus, and each node stores the input information of the client device in the consensus confirmation packet, the aggregate signature and the aggregate public key .

According to the aggregation public key and the aggregation signature, consensus is reached between the nodes after each follower node successfully performs a signature check on the message. Then, each follower node stores the input information of the client device, the aggregate signature and the aggregate public key in the consensus confirmation packet.

The length of the aggregate signature obtained in the above process is shorter than the length of the signature obtained through splicing, and the length of the aggregate public key is shorter than the length of the public key obtained through splicing. Therefore, in the consensus process, during the network transmission of the aggregate signature, the burden of network transmission can be reduced, and when the signature check is performed on the message, the message only according to the aggregate public key and the aggregate signature so that the complexity of the signature check is reduced. A signature check needs to be performed.

The process of generating the aggregate signature and aggregate public key may be parallel. As shown in FIG. 6 , the leader node generates an aggregate sub-signature according to the plurality of sub-signatures, and then generates an aggregate signature according to the aggregate sub-signature and message digest. Similarly, the leader node generates a unified public key according to the plurality of public keys. Optionally, the process of generating the aggregate signature and aggregate public key may be serial. That is, the first follower node obtains the sub-signature and sends it to the second follower node; the second follower node obtains the sub-signature of the first follower node and the sub-signature of the second follower node, generates a partially aggregated sub-signature, and then sends the partially aggregated sub-signature to the third follower node; The third follower node obtains the partial aggregate sub-signature sent by the second follower node and the sub-signature of the third follower node, generates a new partial aggregate sub-signature, and then sends the new partial aggregate sub-signature to the fourth follower. send to the node; By continuing in this way, the last follower node generates a new partial aggregate sub-signature, and sends the partial aggregate sub-signature to the leader node; The leader node receives the partial aggregate sub-signature, determines the partial aggregate sub-signature as the aggregate sub-signature, and then generates the aggregate signature according to the generated aggregate sub-signature and message digest. It is not limited here.

In the present application, the aggregate signature is generated using sub-signatures of the plurality of signing parties, and the aggregate public key is generated based on the public keys of the plurality of signing parties; The length of the obtained aggregate signature is shorter than the length of the multi-signature obtained by splicing the plurality of sub-signatures, the length of the aggregate public key is shorter than the length of the multi-public key obtained by splicing the plurality of public keys, and ; Therefore, during network transmission of the aggregate signature and aggregate public key, the burden of network transmission is relieved, the storage space is reduced during storage, and during signature checking, the signed message is directly checked using the aggregate public key and aggregate signature, so that the signature It greatly reduces the complexity of the inspection. In addition, a specific application of the above-described signature generation method in a consensus scenario is provided to improve the feasibility of signature generation, and to improve the efficiency of signature generation and signature checking in a consensus scenario.

7 is a flowchart of signature generation according to an embodiment of the present disclosure. For example, this method is applied to a client device in a data sharing system, and the client device in which any one of a plurality of signing parties is located is used as an execution body for executing the aggregate signature. In this case, for ease of explanation, a client device used as a signature aggregation party in a client device participating in an intelligent contract is referred to as a first client device, and another client device participating in an intelligent contract is referred to as a second client device. In the intelligent contract scenario, the message to be signed is the contract data, and the contract data is used to constrain the conditions for completing the transaction. The operation is described in detail below.

700: The first client device and the at least one second client device obtain a signature generation command, wherein the signature generation command is used to indicate contract details and transfer amounts of the plurality of contract parties.

As shown in FIG. 8 , when a plurality of parties jointly initiate the transfer of a contract, signatures of the plurality of contracting parties are required to reach the contract. When the plurality of contracting parties operate each client device for transmission, the client device receives a contract delivery request, the contract transaction request delivers a message to be signed in this transaction, the message being signed by the plurality of contracting parties , and multiple contracting parties are triggered to start generating signatures.

701: The first client device and the at least one second client device acquire a plurality of respective random numbers, and individually generate respective eigenvalues according to the plurality of random numbers.

Upon receiving the signature generation trigger command, the at least one second client device obtains a respective random number. The acquisition process may be handled with reference to operation 201 , and details are not described herein again. After obtaining the random number of the at least one second client device, the at least one second client device generates a respective eigenvalue according to each random number. The generating method may be processed with reference to operation 201, details not described herein again. After generating the eigenvalue, the at least one second client device transmits the generated eigenvalue to the first client device.

702: The at least one second client device sends a respective eigenvalue to the first client device.

703: The first client device generates the message digest according to the contract data and the at least one eigenvalue of the at least one second client device.

A process in which the first client device generates the message digest may be processed with reference to operation 202 described above, which is not described herein again.

704: The first client device sends the message digest to the at least one second client device.

705 : The at least one second client device obtains the message digest, and then the first client device and the at least one second client device obtain the contract data, the private key and the public key.

Processes in which the first client device and the at least one second client device obtain the private key and the public key, respectively, may be processed with reference to operation 203 , which is not described herein again.

706 : The first client device and the at least one second client device generate a sub-signature according to the message digest, the random number and the private key.

A process by which the at least one second client device generates each sub-signature may be processed with reference to operation 203 described above, which is not described herein again.

707: The at least one second client device sends a respective sub-signature to the first client device.

708: the first client device obtains respective public keys of the first client device and the at least one second client device, and an aggregate public key according to respective public keys of the first client device and the at least one second client device to create

The first client device receives the public key and sub-signature sent by the at least one second client device, and stores the received public key and sub-signature. Then, the process of generating the aggregate public key by the first client device may be processed with reference to operation 204 described above, which is not described herein again.

709: The first client device generates the aggregate signature according to the message digest and the sum value of the sub-signatures of the first client device and the at least one second client device.

A process by which the first client device generates the aggregate signature may be processed with reference to operation 205 described above, which is not described herein again.

710: The first client device adds the aggregate public key and the aggregate signature to the contract data.

After generating the aggregate public key and aggregate signature, the first client device adds the aggregate public key and aggregate signature to the contract data, and then sends the contract data to the data sharing system. In addition, each node of the data sharing system may perform signature check on contract data based on the aggregate public key and aggregate signature. If the signature check succeeds, the data sharing system stores the contract data, the aggregate public key and the aggregate signature. Naturally, signature checking may not be performed on the contract data, and the contract data, aggregate public key and aggregate signature are stored directly. When the contract is executed, the aggregate public key and the aggregate signature are obtained from the data disclosure system, and a signature check on the contract data is performed according to the aggregate public key and the aggregate signature.

The length of the aggregate signature obtained in the above process is shorter than the length of the signature obtained through splicing, and the length of the aggregate public key is shorter than the length of the public key obtained through splicing. Therefore, during network transmission of the aggregate signature, the burden of network transmission can be reduced, and during storage of the aggregate public key and the aggregate signature, the storage space can be reduced.

The process of generating the aggregate signature and aggregate public key may be parallel. That is, the first client device of the aggregation party generates the aggregate sub-signature according to the plurality of sub-signatures, and then generates the aggregate signature according to the aggregate sub-signature and the message digest. Similarly, the first client device generates a unified public key according to the plurality of public keys. Optionally, the process of generating the aggregate signature and aggregate public key may be serial. That is, the first contracting party client device obtains the sub-signature and then sends it to the at least one second contracting party client device. The at least one second contracting party client device obtains a subsignature of the first contracting party client device and a subsignature of the at least one second contracting party client device, generates a partially aggregated subsignature, and then converts the subsignature into the third contract Send to the party client device. the third contracting party client device obtains the partial aggregate sub-signature sent by the at least one second contracting party client device and the sub-signature of the third contracting party client device, generates a new partially aggregated sub-signature, and so on; proceed, and then send it to the fourth contracting party client device, and so on, so that the last contracting party client device generates a new partial aggregate sub-signature, and sends the partial aggregate sub-signature to the aggregation party first client device . The aggregation party client generates an aggregate sub-signature according to the partial aggregate sub-signature and the sub-signature of the aggregate party client, and then generates an aggregate signature according to the generated aggregate sub-signature and message digest. It is not limited here.

In the present application, the aggregate signature is generated using sub-signatures of the plurality of signing parties, and the aggregate public key is generated based on the public keys of the plurality of signing parties; The length of the obtained aggregate signature is shorter than the length of the multi-signature obtained by splicing the plurality of sub-signatures, the length of the aggregate public key is shorter than the length of the multi-public key obtained by splicing the plurality of public keys, and ; Therefore, during network transmission of the aggregate signature and aggregate public key, the burden of network transmission is relieved, the storage space is reduced during storage, and during signature inspection, the signature public message is directly inspected using the aggregate public key and aggregate signature inspection greatly reduce the complexity of In addition, since the specific application of the above-described signature generation method in the intelligent contract scenario is provided, the feasibility of signature generation is improved, and the efficiency of signature generation and signature inspection in the intelligent contract scenario is also improved.

9 is a schematic structural diagram of an apparatus for generating a signature according to an embodiment of the present disclosure. Referring to FIG. 9 , the apparatus includes a generating module 901 and an acquiring module 902 .

The generating module 901 is configured to generate a message digest according to a to-be-signed message and an eigenvalue of a plurality of signing parties, wherein the eigenvalue of each signing party is a random number of the signing party. obtained through the following calculations.

The obtaining module 902 is configured to obtain the public key and sub-signatures of the plurality of signing parties, wherein the sub-signatures of each signing party include the random number of the signing party, the message digest and the private key of the plurality of signing parties. It is obtained through calculation according to

The generating module 901 is further configured to generate an aggregation public key according to the public keys of the plurality of signing parties, wherein the length of the aggregate public key is determined after splicing. shorter than the length of the public key.

The generating module 901 is further configured to generate an aggregate signature according to the sum value of the plurality of sub-signatures and the message digest.

In any possible implementation, the generating module 901 includes an obtaining submodule 9011 and a generating submodule 9012 .

The obtaining submodule 9011 is configured to obtain the original values of the plurality of signing parties, the message to-be-signed, and the first values.

The generating submodule 9012 is configured to generate an aggregate eigenvalue according to the eigenvalues of the plurality of signature parties and the first values.

The generating submodule 9012 is further configured to generate a message digest according to the aggregate eigenvalue, the message to be signed, and a preset one-way hash function.

In any possible implementation, the generating submodule 9012 includes:

and calculate a product of the plurality of eigenvalues, and generate the aggregate eigenvalue according to the product of the plurality of eigenvalues and the first value.

In any possible implementation, the generating submodule 9012 is further configured to: calculate a product of the plurality of public keys, and generate the aggregate public key according to the product of the plurality of public keys and the first value. .

In any possible implementation, the generating module 901 includes:

and generate an aggregate sub-signature according to the plurality of sub-signatures, splicing the aggregate sub-signature and the message digest, and determine a result obtained after splicing as the aggregate signature.

In any possible implementation, the plurality of signing parties are a plurality of account addresses provided by the client device, and the message to be signed corresponds to each account address when the method is applied to a client device in a data sharing system. value transfer information.

In any possible implementation, the message to be signed is contract data, wherein the contract data is used to constrain conditions for completing a transaction when the method is applied to a client device in a data sharing system.

In any possible implementation, each of the plurality of signing parties is a follower node in the data sharing system when the method is applied to a client device in the data sharing system.

Correspondingly, the device comprises:

a sending module 903, configured to send the message digest to the follower node in the data sharing system, after generating the message digest according to the message to be signed and the eigenvalues of a plurality of signing parties

further includes

Acquisition module 902 includes:

and further configured to receive the public key and sub-signature sent by each follower node.

The transmission module 903 includes:

after generating the aggregate signature according to the sum of the plurality of sub-signatures and the message digest, send the aggregate public key and the aggregate signature to each follower node.

10 is a schematic structural diagram of an apparatus for generating a signature according to an embodiment of the present disclosure. Referring to FIG. 10 , the apparatus includes a generating module 1001 and an obtaining module 1002 .

The generating module 1001 is configured to obtain a random number and generate an eigenvalue according to the random number.

The obtaining module 1002 is configured to obtain a message to be signed, a private key and a public key.

The obtaining module 1002 is configured to generate a message digest, wherein the message digest is obtained through calculation by the signature aggregation party according to the to-be-signed message and the value.

The generating module 1001 is configured to generate a sub-signature according to the message digest, the random number and the private key.

In any possible implementation, the generating module 1001 includes:

및 제2 값

를 획득하고 - 상기 제1 값

및 상기 제2 값

는 소수이고,

는

의 인수이고,

및

임 - ;first value

and a second value

to obtain - the first value

and the second value

is a prime number,

Is

is the argument of

and

Lim - ;

를 획득하고 -

는

이

로 정확하게 나누어질 수 있음을 만족함 - ; 및generation base

to obtain -

Is

this

It is satisfied that it can be precisely divided into - ; and

임 - ; 그리고obtain the random number - the range of values of the random number is

Lim - ; and

and generate the eigenvalue according to the random number, the generation criterion, and the first value.

In any possible implementation, the device comprises:

a sending module 1003, configured to send the sub-signature and the public key to the signature aggregation party when the signature generating method is applied to a follower node in a data sharing system;

further includes

An embodiment of the present disclosure further provides an electronic device, the electronic device comprising: a processor; and a memory configured to store a computer program, wherein the processor executes the computer program stored in the memory to operate the following method: generating a message digest according to a message to be signed and a value of a plurality of signing parties a step of - an eigenvalue of each signing party is obtained through calculation according to the random number of the signing party; obtaining a public key and sub-signature of the plurality of signing parties, wherein the sub-signature of each signing party is obtained through calculation according to the random number of the signing party, the message digest and the private key of the plurality of signing parties; ; generating an aggregate public key according to the public keys of the plurality of signing parties, wherein a length of the aggregate public key is shorter than a length of the plurality of public keys after splicing; and generating an aggregate signature according to the sum of the plurality of sub-signatures and the message digest.

In a possible implementation, the processor is configured to: obtain an eigenvalue of the plurality of signing parties, the message to be signed and a first value; generate an aggregate eigenvalue according to the eigenvalues of the plurality of signature parties and the first value; and generate a message digest according to the aggregation eigenvalue, the message to be signed, and a preset one-way hash function.

In a possible implementation, the processor is configured to: calculate a product of the plurality of eigenvalues, and generate the aggregate eigenvalue according to the product of the plurality of eigenvalues and the first value.

In a possible implementation, the processor is configured to: calculate a product of the plurality of public keys, and generate the aggregate public key according to the product of the plurality of public keys and the first value.

In a possible implementation, the processor is configured to: generate an aggregate sub-signature according to the plurality of sub-signatures, splice the aggregate sub-signature and the message digest, and determine a result obtained after splicing as the aggregate signature. Consists of.

In a possible implementation, the electronic device is a client device in a data sharing system, the plurality of signing parties are a plurality of account addresses provided by the client device, and the message to be signed includes value transfer information corresponding to each account address. to be.

In a possible implementation, the electronic device is a client device in a data sharing system, the message to be signed is contract data, and the contract data is used to constrain conditions for completing a transaction.

In a possible implementation, the electronic device is a leader node in the data sharing system, each of the plurality of signing parties is a follower node in the data sharing system, and the electronic device sends the message digest to the follower node in the data sharing system and a transceiver configured to: wherein the transceiver is further configured to receive a public key and a sub-signature sent by each follower node, the processor configured to send the aggregate public key and the aggregate signature to each follower node. It is further configured to transmit to .

In one example, the above-described electronic device may be provided as the terminal 1100 illustrated in FIG. 11 . 11 is a structural block diagram of a terminal 1100 according to an embodiment of the present disclosure. The terminal 1100 may be a personal computer (PC), a smart phone, a tablet computer, or the like. The terminal 1100 may also be referred to as a user device, a portable terminal, another name, or the like.

Typically, the terminal 1100 includes a processor 1101 and a memory 1102 .

Processor 1101 may include one or more processing cores, for example, a 4-core processor or an 8-core processor. The processor 1101 may be implemented in the form of at least one hardware in digital signal processing (DSP), field-programmable gate array (FPGA), and programmable logic array (PLA). can Processor 1101 may also include a main processor and a coprocessor. The main processor is a processor for processing data in an awake state, and is also called a central processing unit (CPU). A coprocessor is a low-power processor for processing data in a standby state. In some embodiments, the processor 1101 may be integrated with a graphics processing unit (GPU), which serves to render and draw content that needs to be displayed on the display. In some embodiments, the processor 1101 may further include an artificial intelligence (AI) processor. The AP processor is configured to process computing operations related to machine learning.

Memory 1102 may include one or more computer-readable storage media that may be tangible and non-transitory. Memory 1102 may also include high-speed random access memory, and non-volatile memory, such as one or more magnetic disk storage devices and flash storage devices. In some embodiments, a non-transitory computer-readable storage medium in memory 1102 is configured to store at least one instruction, the at least one instruction being transmitted to processor 1101 to implement the signature generation method provided herein. is executed by

In some embodiments, the terminal 1100 optionally includes a peripheral device interface 1103 and at least one peripheral device. Specifically, the peripheral device includes at least one of a radio frequency circuit 1104 , a touch display 1105 , a camera 1106 , an audio circuit 1107 , a positioning component 1108 , and a power source 1109 .

The peripheral device interface 1103 may be configured to connect at least one peripheral device related to input/output (I/O) to the processor 1101 and the memory 1102 . In some embodiments, the processor 1101 , memory 1102 , and peripheral interface 1103 are integrated on the same chip or circuit board; In some other embodiments, any one or two of the processor 1101 , the memory 1102 , and the peripheral interface 1103 may be implemented on separate chips or circuit boards, which is not limited to this embodiment. .

The radio frequency circuitry 1104 is configured to receive and transmit radio frequency (RF) signals, also referred to as electromagnetic signals. The RF circuitry 1104 communicates with communication networks and other communication devices via electromagnetic signals. The RF circuit 1104 converts an electrical signal to an electromagnetic signal for transmission, or converts a received electromagnetic signal to an electrical signal. Optionally, RF circuitry 1104 includes an antenna system, RF transceiver, one or more amplifiers, tuners, oscillators, digital signal processors, codec chipsets, subscriber identity module cards, and the like. The RF circuit 1104 may communicate with another terminal through at least one wireless communication protocol. Wireless communication protocols include, but are not limited to, the World Wide Web, metropolitan networks, intranets, generational mobile communication networks (2G, 3G, 4G and 5G), wireless local area networks, and/or wireless fidelity (WiFi) networks. In some embodiments, radio frequency circuitry 1104 may further include near field communication (NFC) related circuitry, which is not limited in this application.

The touch display 1105 is configured to display a user interface (UI). The UI may include graphics, text, icons, video, and any combination thereof. Touch display 1105 also has the ability to collect touch signals on or on the surface of touch display 1105 . The touch signal may be input to the processor 1101 as a control signal for processing. Touch display 1105 is configured to provide virtual buttons and/or virtual keyboards, also referred to as soft buttons and/or soft keyboards. In some embodiments, there may be one touch display 1105 disposed on the front panel of the terminal 1100 ; In some other embodiments, there may be at least two touch displays 1105 each disposed on different surfaces of the terminal 1100 or in a folded design. In another embodiment, the touch display 1105 may be a flexible display disposed on a curved or folded surface of the terminal 1100 . Even the touch display 1105 can be set to a non-rectangular irregular pattern, ie, a profiling screen. Even the touch display screen 1105 may be set to a non-rectangular irregular pattern, ie, a profile screen. The touch display 1105 may be manufactured using a material such as a liquid crystal display (LCD) or an organic light emitting diode (OLED).

The camera assembly 1106 is configured to collect images or video. Optionally, camera assembly 1106 includes a front camera and a rear camera. Typically, the front camera is configured to implement video calls or selfies, and the rear camera is configured to implement photo or video taking. In some embodiments, there are at least two rear cameras, one of a main camera, a depth-of-field camera, and a wide-angle camera, so that the main camera and the depth-of-field camera are implemented in combination. A bokeh function, a main camera and a wide-angle camera are combined to implement panoramic shooting and virtual reality (VR) shooting functions. In some embodiments, camera assembly 1106 may also include a flash. The flash may be a monochromatic temperature flash or a two-color temperature flash. A two-color temperature flash is a combination of a warm light flash and a cold light flash and can be used to compensate for light at different color temperatures.

The audio circuit 1107 is configured to provide an audio interface between the user and the terminal 1100 . Audio circuitry 1107 may include a microphone and a speaker. The microphone is configured to: collect sound waves of the user and environment, and convert the sound waves into electrical signals for input to the processor 1101 for processing, or into RF circuitry 1104 for voice communication. For stereo collection or noise reduction, a plurality of microphones may be respectively disposed in different parts of the terminal 1100 . The microphone may also be an array microphone or an omni-directional microphone. The speaker is configured to convert an electrical signal from the processor 1101 or RF circuit 1104 into sound waves. The speaker may be a conventional film speaker or a piezoelectric ceramic speaker. When the speaker is a piezoelectric ceramic speaker, it can not only convert electrical signals into human audible sound waves, but also convert electrical signals into sound waves that humans cannot hear. In some embodiments, audio circuitry 1107 may also include a headphone jack.

The location determining component 1108 is configured to find a current geographic location of the terminal 1100 to implement a navigation or location based service (LBS). The positioning component 1108 may be a positioning component based on the US Global Positioning System (GPS), the Chinese Beidou System, or the Russian Galileo System.

The power source 1109 is configured to supply power to various components of the terminal 1100 . The power source 1109 may be alternating current, direct current, a disposable battery, or a rechargeable battery. When the power source 1109 includes a rechargeable battery, the rechargeable battery may be a wired rechargeable battery or a wireless rechargeable battery. A wired rechargeable battery is a battery that is charged by a wire, and a wireless rechargeable battery is a battery that is charged with a wireless coil. Rechargeable batteries can also be used to support fast charging technology.

In some embodiments, the terminal 1100 further includes one or more sensors 1110 . The one or more sensors 1110 include, but are not limited to, an acceleration sensor 1111 , a gyroscope sensor 1112 , a pressure sensor 1113 , a fingerprint sensor 1114 , an optical sensor 1115 , and a proximity sensor 1116 . does not

The acceleration sensor 1111 may detect the magnitude of acceleration on three coordinate axes of the coordinate system set by the terminal 1100 . For example, the acceleration sensor 1111 may be configured to detect components of gravitational acceleration on three coordinate axes. The processor 1101 may control the touch display 1105 to display the user interface horizontally or vertically according to the gravitational acceleration signal collected by the acceleration sensor 1111 . The acceleration sensor 1111 may be configured to collect game data or user movement data.

The gyroscope sensor 1112 may detect the body orientation and rotation angle of the terminal 1100 , and the gyroscope sensor 1112 cooperates with the acceleration sensor 1111 to collect 3D movement of the user with respect to the terminal 1100 . can do. The processor 1101 collected by the gyroscope sensor 1112 can implement functions such as motion sensing (such as changing the UI according to the user's tilting motion), image stabilization when shooting, game control, and inertial navigation. .

The pressure sensor 1113 may be disposed on a side bezel of the terminal 1100 and/or a lower layer of the touch display 1105 . When the pressure sensor 1113 is disposed on the side bezel of the terminal 1100, a user's holding signal for the terminal 1100 may be sensed, and the left and right hand recognition or shortcut operation may be performed according to the holding signal. can be performed. When the pressure sensor 1113 is disposed in a lower layer of the touch display 1105 , operability control for the UI interface may be controlled according to the user's pressure operation on the touch display 1105 . The operability control includes at least one of a button control, a scroll bar control, an icon control, and a menu control.

The fingerprint sensor 1114 is configured to collect the user's fingerprint to identify the user's identity according to the collected fingerprint. Upon identifying the user's identity as a trusted identity, the processor 1101 authorizes the user to perform relevant sensitive actions including unlocking the screen, viewing encrypted information, downloading software, setting up payments and changes, and the like. do. The fingerprint sensor 1114 may be disposed on the front, back, or side of the terminal 1100 . When a physical button or a manufacturer's logo is disposed on the terminal 1100, the fingerprint sensor 1114 may be integrated with the physical button or a manufacturer's logo.

Optical sensor 1115 is configured to collect ambient light intensity. In one embodiment, the processor 1101 may control the display brightness of the touch display 1105 according to the ambient light intensity collected by the optical sensor 1115 . Specifically, when the ambient light intensity is relatively high, the display brightness of the touch display 1105 is raised; When the ambient light intensity is relatively low, the display brightness of the touch display 1105 is lowered. In another embodiment, the processor 1101 may also dynamically adjust the imaging parameters of the camera assembly 1106 according to the ambient light intensity collected by the light sensor 1115 .

The proximity sensor 1116 , also called a distance sensor, is usually disposed on the front side of the terminal 1100 . The proximity sensor 1116 is configured to collect a distance between the user and the front surface of the terminal 1100 . In an embodiment, when the proximity sensor 1116 detects that the distance between the user and the front surface of the terminal 1100 is gradually decreasing, the processor 1101 controls the touch screen 1105 to display a blackout screen in a bright screen state. transition to a state; When the proximity sensor 1116 detects that the distance between the user and the front surface of the terminal 1100 is gradually increasing, the processor 1101 controls the touch display 1105 to switch from the blackout screen state to the bright screen state .

A person skilled in the art will know that the structure shown in FIG. 11 does not constitute a limitation for the terminal 1100, and the terminal may include more or fewer components than those shown in the figure, or some components may be It will be appreciated that combined or different component arrangements may be used.

In an exemplary embodiment, there is further provided a computer-readable storage medium storing at least one instruction, at least one program and a code set or set of instructions, wherein the at least one instruction comprises at least one program, and a code set or set of instructions. is loaded and executed by the processor to implement the signature generation method provided in the above-described embodiment. For example, the computer-readable storage medium may be a ROM, random access memory (RAM), a CD-ROM, magnetic tape, a floppy disk, an optical data storage device, or the like.

In one example, the above-described electronic device may be provided as the server 1200 illustrated in FIG. 12 . 12 is a structural block diagram of a server according to an embodiment of the present disclosure. For example, the server 1200 may be provided as a node. 12 , server 1200 includes processing component 1222 , and server 1200 further includes one or more processors, and memory resources represented by memory 132 . Memory resources are used to store instructions that can be executed by processing component 1222 . An example is the application. The application programs stored in memory 1232 may include one or more modules, each module corresponding to a series of instructions. Further, processing component 1222 is configured to execute an instruction to perform server-side method operations in any signature generation method in the embodiments shown in FIGS. 2 , 4 and 7 .

The server 1200 includes a power supply component 1226 configured to perform power supply management of the server 1200 , a wired or wireless network interface 1250 configured to connect the server 1200 to a network, and input/output (I/O) O) may further include an interface. The server 1200 may operate an operating system stored in the memory 1232 , for example, Windows Server ^TM , Mac OS X ^TM , Unix ^TM , Linux ^TM , or FreeBSD ^TM .

In an exemplary embodiment, there is further provided a computer-readable storage medium, wherein the storage medium stores at least one instruction, the at least one instruction being transmitted to a processor to implement the method for generating a signature provided in the above-described embodiment. loaded and executed by For example, the computer-readable storage medium may be a ROM, RAM, CD-ROM, magnetic tape, floppy disk, optical data storage device, or the like.

Other implementations of the present disclosure will occur to those skilled in the art after consideration of this specification and practice of the present disclosure. This application is intended to cover any modifications, uses or adaptations of this disclosure. Such modifications, uses or adaptive changes follow the general principles of the present disclosure, and include general knowledge or general technical means not disclosed in the present disclosure. The specification and examples are to be regarded as illustrative only, the true scope and spirit of the disclosure being pointed out in the claims that follow.

It is to be understood that the present application is not limited to the precise structure described above and shown in the accompanying drawings, and that various modifications and changes may be made thereto without departing from the scope of the present disclosure. The scope of the present disclosure is limited only by the appended claims.

Claims (20)

A method of generating a signature performed by an electronic device, the method comprising:
Generating a message digest according to a to-be-signed message and an eigenvalue of a plurality of signature parties - The eigenvalue of each signing party is calculated according to the random number of the signing party Acquired - ;
obtaining a private key, a public key and a sub-signature of the plurality of signing parties, wherein the sub-signature of each signing party is calculated according to the random number of the signing party, the message digest and the private key of the signing party Acquired through - ;
generating an aggregation public key according to the public keys of the plurality of signing parties, the length of the aggregate public key being shorter than the length of the plurality of public keys after splicing; and
generating an aggregate signature according to the sum of the plurality of sub-signatures and the message digest;
including,
generating an aggregate signature according to the sum value of the plurality of sub-signatures and the message summary;
generating an aggregate sub-signature according to the sum of the plurality of sub-signatures, splicing the aggregate sub-signature and the message digest, and determining a result obtained after splicing as the aggregate signature;
containing,
How to create a signature. According to claim 1,
generating a message digest according to the message to be signed and the eigenvalues of a plurality of signing parties;
obtaining an eigenvalue of the plurality of signing parties, the message to be signed, and a first value;
generating an aggregate eigenvalue according to the eigenvalues of the plurality of signature parties and the first value; and
generating a message digest according to the aggregate eigenvalue, the message to be signed, and a preset one-way hash function;
A method of generating a signature, comprising: 3. The method of claim 2,
The step of generating an aggregate eigenvalue according to the plurality of eigenvalues and the first value comprises:
calculating the product of the plurality of eigenvalues, and generating the aggregate eigenvalue according to the product of the plurality of eigenvalues and the first value;
A method of generating a signature, comprising: 3. The method of claim 2,
The step of generating an aggregate public key according to the public keys of the plurality of signing parties includes:
calculating a product of the plurality of public keys, and generating the aggregate public key according to the product of the plurality of public keys and the first value;
A method of generating a signature, comprising: delete According to claim 1,
wherein the electronic device is a client device in a data sharing system, the plurality of signing parties are a plurality of account addresses provided by the client device, and the message to be signed is value transfer information corresponding to each account address. Way. According to claim 1,
wherein the electronic device is a client device in a data sharing system, the message to be signed is contract data, and the contract data is used to limit conditions for completing a transaction. According to claim 1,
The electronic device is a leader node in the data sharing system, and each of the plurality of signature parties is a follower node in the data sharing system,
After generating the message digest according to the to-be-signed message and the eigenvalues of a plurality of signing parties, the signature generating method comprises:
sending the message digest to the follower node in the data sharing system
further comprising,
The step of obtaining the public keys and sub-signatures of the plurality of signing parties includes:
receiving the public key and sub-signature sent by each follower node;
including,
After generating an aggregate signature according to the sum of the plurality of sub-signatures and the message digest, the signature generating method comprises:
sending the aggregate public key and the aggregate signature to each follower node;
A signature generation method further comprising a. A method for generating a signature comprising:
obtaining a random number of each signature party, and generating an eigenvalue of each signature party according to the random number;
obtaining a message to be signed, a private key and a public key of each signing party;
generating a message digest, wherein the message digest is obtained through calculation by a signing aggregation party according to the to-be-signed message and an eigenvalue of all signing parties;
generating a sub-signature according to the message digest, the random number and the private key; and
When there are a plurality of signing parties, generating an aggregate sub-signature according to the sum of the plurality of sub-signatures, splicing the aggregate sub-signature and the message digest, and determining a result obtained after splicing as an aggregate signature. step
A method of generating a signature, including 10. The method of claim 9,
Obtaining the random number and generating an eigenvalue according to the random number comprises:
first value

and a second value

obtaining - the first value

and the second value

is a prime number,

Is

is the argument of

and

Lim - ;
generation base

Steps to obtain -

Is

this

It is satisfied that it can be precisely divided into - ; and
obtaining the random number - the value range of the random number is

Lim - ; and
generating the eigenvalue according to the random number, the generation criterion, and the first value;
A method of generating a signature, comprising: 10. The method of claim 9,
After generating a sub-signature according to the message digest, the random number and the private key, the signature generating method comprises:
transmitting the sub-signature and the public key to the signature aggregation party when the signature generation method is applied to a follower node in a data sharing system;
A signature generation method further comprising a. An electronic device comprising:
processor; and
memory configured to store computer programs
includes,
The electronic device, wherein the processor is configured to execute the computer program stored in the memory to perform the operation of the method according to any one of claims 1 to 4, 6 to 11. A computer-readable storage medium storing a computer program, comprising:
The computer program, when executed by a processor, is configured to perform the operation of the method according to any one of claims 1 to 4, 6 to 11. delete delete delete delete delete delete delete

Images